From: Matt D. Harris (vesper@depraved.org)
Date: Thu Jul 10 2003 - 16:33:33 EDT
Volker Kindermann wrote:
>>Fact is, the posts that are most harmful don't come across as "y0ur
>>pr0dukt sukz", they are carefully written by intelligent folks who
>>insert their lies into coherent sentences. Even with an equally
>>intelligent statement refuting it by the vendor, there is no real way
>>for a 3rd party observer to know who is telling the truth.
>
>
> In this case it should be easy for the vendor to provide a trial version
> to show all interested clients the capabilities of the product.
>
> David, don't get me wrong, but I've made the experience over the years
> that mostly the vendors are telling lies about their products, not the
> users.
Not to mention that other users of said product will come out with their
own experiences. There's a very good possibility that if someone were
to come out with a lie, bit of misinformation, or otherwise incorrect
statement put forth as fact regarding a product, that another user of
said product would correct them publicly. The security community isn't
all THAT big, and most of it is on at least some securityfocus lists, it
seems. I'd be very surprised if there were a product which no one or
only one person here had experience with. Especially a commercial
product, considering that oftentimes professionals will evaluate
multiple products before making a purchase, hence giving them the
ability to make at least mostly accurate testimonials to those products.
I usually check out at least 10 options when I want to implement
something new, and test at least 4 or 5 of them before shelling out
money (or even just time in the case of free software) to implement it
in full production capacity. The professionals here will generally
police one another on the account of mistakes, and will also correct any
incorrect hogwash. And as for opinions, they're simply that. An
opinion is an opinion is an opinion. People are entitled to their own,
and that's the way it has to be for the world to keep on spinning. In
the case of mis-statement of facts though, we enter a much more powerful
area - "I think foo's IDS is a pain in the neck to administer" is
different from "Foo's IDS has an issue with certain types of packets
being caught and identified as belonging to a signature but then not
being processed properly or alerts being sent" - the former would make
me try Foo's IDS out before sinking money into it, to see if the
interface was compatible with my and the other engineers' method of
working, the latter would make me far more wary of the product.
And now, I'll throw my two cents in regarding accountability and
whatnot. Unlike some other people, I seem to actually understand the
spirit of the point Al is trying to make. Maybe it wasn't laid out in
clear layman's English, but it was easy enough to pick up on if you
actually pondered it for a moment and *wanted* to get it. The point is
simply this. There is no good reason not to be yourself. It shows a
lack of maturity, and leads to a lack of trust. If you're not willing
to be honest about your name here (which you most certainly are in other
places out in the world, like the department of motor vehicles, or your
doctor's, or your employer's) then why should the list trust your
opinions or anything that you have to say? Furthermore, as a moderator,
why should Al trust you, on behalf of this list?
If anyone can find a single good reason not to use one's real name when
posting to a mailing list (real employer is different - there're plenty
of good reasons not to use that especially in the case of sensitive
government security positions), then please feel free to speak on that
point. How many people here's real address and whatnot are in the whois
information for the domain from which they're sending mail? I'd gather
at least a few.
- MDH
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT